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Ku-Forward Service Overview 




Ku Forward provides a secondary 
communication path that will allow 
Payload ground systems to 
communicate with their on-orbit Joint 
Station LAN (JSL) or Ethernet 
connected payloads via standard IP 
communication protocols 

- Primary communication 

(command) path is still S-Band 
commanding through the PL 
MDM with 1553 service to the 
Payload 

HOSC is developing 
capabilities/services (CR 13351) that 
will allow both the POIC Cadre and 
Payload Users access to devices 
connected to the onboard Payload LAN 

The diagram outlines the data flow for a 
payload user using the Ku-Forward 
service. 
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Ku-Forward Schedule Overview 



• Ku Forward Internet Protocol (POIC-Cadre) ~ July 2014 

- Payload Operations & Integration Center (POIC) Cadre use of Internet Protocols to 
onboard devices 

• Ping to Express Laptops, Payload Ethernet Hub Gateway (PEHG) HRDL 
Gateways 

• Remote Desktop to Express Laptops 

• Ku Forward Internet Protocol (POIC-Remote) & CCSDS File Delivery Protocol (CFDP) 
(POIC-Cadre) ~ November 2014 (approx.) 

- Remote Payload User use of Internet Protocols to access their payloads and POIC 
Cadre access to CFDP 

• Pings and Remote Desktop by Payload Users 

• Secure Shell 

- POIC Cadre access to CFDP 

• File Transfers 

• Ku Forward CFDP (POIC-Remote) ~ March 2015 (approx.) 

- Remote Payload user access to CFDP 

• Full capability for Payload Users 
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Ku-Forward Phase 1 Status 



• Onboard iPEHG update applied 

• Successful Phase 1 Readiness Review conducted 

• Onboard Edge Router update applied 

• Data Management Coordinator (DMC) Testing 

• Payload Rack Officer (PRO) Testing 
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Date 

Test 

Objective 

Result 

Notes 

March 12, 

2014- 

Present 

Cadre Testing 

• DMC: PING numerous 
destinations, RDP to an 
EXPRESS Laptop, SSH and 
HTTPS to NAS 

• PRO: RDP and PING to 
EXPRESS Laptop. 

Success 

Performed during Operational 
Readiness Testing 

July 15, 
2014 

Data Management 
Coordinator (DMC) 
verify end to end 
forward link 
function. 

• DMC will perform an ICMP 
Ping Test to each Payload 
Ethernet Hub/Gateway 
(PEHG) Gateway and 
PEHG Controller 


Testing end to end from the HOSC 
to ISS on-board PEHG. 

July 22, 
2014 

Payload Rack 
Officer (PRO) verify 
Remote Desktop 
Protocol (RDP) with 
EXPRESS Laptop 
Computer (ELC). 

• PRO will perform an ICMP 
Ping Test to ELC in the US 
Lab, Columbus and JEM 
Laboratories 

• PRO will utilize RDP to 
remotely log into a selected 
ELC in the US Lab, 
Columbus and JEM 
Laboratories to start and 
stop an application and 
perform some file 
manipulation operations 


Dependent on successful DMC 
test. 

Once the initial testing is complete 
the PRO Team will schedule 
testing for each additional 
EXPRESS Rack and Derivative to 
perform the Ping and RDP testing 
on a non-interference basis when 
the Racks are available. 


o 
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Requesting Ku-Forward 




• Payload teams will need to update their Payload Integration Agreement (PIA) to 
add Ku-Forward as a requested service. 

• Work with your Payload Integration Manager (PIM) to complete the PIA and 
submit other required reports. 
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Ku-Forward New Documentation 



• SSP 50974 - ISS Onboard IT Security Requirements for USOS Systems 

- To establish the IT security requirements designed to maintain and improve the security posture of NASA’s ISS IT 
systems 

- These requirements will provide a baseline security implementation that is consistent across all US assets 

- Systems that have the potential for creating a hazard will meet the applicable Computer-Based Control Systems 
requirements called out in SSP 51700 or SSP 50038 

• SSP 50989 - ISS IT Security Policy for Onboard Connected Ground Support 
Systems 

- To provide security for all information systems and information collected, processed, transmitted, stored, or 
disseminated with respect to the ISS 

- To provide a baseline security implementation that is consistent across all IP/P systems 

- Updated to include HOSC Payload Ethernet Gateway (HPEG) subsystem 
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POIWG Topics related to Ku-Forward 



• General Topics 

- PSRP Ku Forward Requirements Following this Presentation 

• Covers the safety requirements for using Ku-Forward 

• Splinter Topics 

- Ku-Forward & Delay Tolerant Networking (DTN) Splinter Thursday July 24 th at 9AM 

• Open session to further discuss the Ku-Forward project as well as introduce the DTN project. 

- Ku-Forward IT Security Thursday July 24 th at 10AM 

• Open session to discuss the IT Security Requirements documents 
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Ku-Forward Payload User Access 
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• Configured to communicate on the Payload LAN 

• Running Secure Shell, CCSDS File Delivery Protocol, Remote Desktop, and/or Payload custom 
protocol 
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User Actions 

• Authenticates to EHS 

• If authorized for Ku-Forward service, user will connect to the HOSC Payload Ethernet 
Gateway (HPEG) 

• A list of user destinations and their respective protocols is returned to the user interface 

• User will select a destination and start the session 

• Using the Proxy IP Address returned the user will initiate the application they wish to use for 
that session 

• Sessions are preserved across LOS windows 

• When finished user will stop session 

• HPEG checks for inactivity and will prompt user to reply. No reply will lead to a 
disconnect from HPEG 
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Ku-Forward Phase 2 Documentation 


• SSP 57072 - Standard PIA for ISS Pressurized Payloads Update 

- POIC has updated the document to include the Ku-Forward option. 

• SSP 52050 - Payload Software Interface Control Document Part 1 

- Describes Ku-Forward service and outlines approved protocol assignments. 

• Current tested protocols include Secure Shell, Remote Desktop, ICMP Ping, HTTPS. 

• SSP 57000 - Pressurized Payload Interface Requirements Document 

- Updated to include verification requirements for Ku-Forward use. 

• SSP 50974 - ISS Onboard IT Security Requirements for USOS Systems 

- To establish the IT security requirements designed to maintain and improve the security posture of NASA’s ISS IT 
systems 

- These requirements will provide a baseline security implementation that is consistent across all US assets 

- Systems that have the potential for creating a hazard will meet the applicable Computer-Based Control Systems 
requirements called out in SSP 51700 or SSP 50038 

• SSP 50989 - ISS IT Security Policy for Onboard Connected Ground Support 
Systems 

- To provide security for all information systems and information collected, processed, transmitted, stored, or 
disseminated with respect to the ISS 

- To provide a baseline security implementation that is consistent across all IP/P systems 

- Updated to include HOSC Payload Ethernet Gateway (HPEG) subsystem 
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Ku-Forward Phase 2 Documentation 



• Safety Review Panel Memorandum Titled PAYLOAD KU FORWARD 
COMMAND/OPERATIONS RESTRICTIONS 

- Establishes safety policies for use of this new capability. 

• SSP 50305 POIC to Generic User Interface Definition Document 

- Updated to include HOSC Payload Ethernet Gateway (HPEG) subsystem 
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Points of Contact for Ku Forward 
Operations 



HOSC 

Andrew CeciI/MSFC/EO50 

256-544-8649 

andrew.j .cecil@nasa.gov 

POIF Safety 

Mitchell Moore/MSF C/EO 1 0 

256-961-1055 

mitchell.t.moore@nasa.gov 

DMC 

Hugh Cowart/MSFC/EO30 

256-961-1467 

hugh. s . cowart@nasa.gov 


Johnathan Carlson/MSFC/EO30 

256-544-0705 

johnathan.a.carlson@nasa.gov 

PARC 

Michelle Bamett/MSFC/EOlO 

256-544-3566 

michelle.barnett@nasa.gov 

PRO 

Jennifer Whitworth/MSFC/EO30 

256-961-1604 

jennifer.m.whitworth@nasa.gov 

POD 

Ann Bathew/MSFC/EO03 

256-544-5620 

ann.bathew@nasa.gov 

SE&I-PSI 

Tony DeLaCruz/JSC/Boeing 

281-226-4177 

tony.delacruz-iii@boeing.com 

SE&I 

Chen Deng/JSC/Boeing 

281-226-4264 

Chen.M.Deng@boeing.com 

IT Security 

Truong Le/JSC/ODl 11 

281-244-8790 

truong.le- 1 @nasa.gov 
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Acronyms 



CFDP 

CCSDS File Delivery Protocol 

CMD 

Command 

CPS 

Consolidated Planning System 

CR 

Change Request 

DFP 

Data Flow Plan 

DMC 

Data Management Coordinator 

ECW 

Emergency Caution & Warning 

EHS 

Enhanced HOSC System 

ELC 

EXPRESS Logistics Carrier 

FCT 

Flight Control Team 

FTP 

File Transfer Protocol 

GCP 

Ground Command Procedures 

HOSC 

Huntsville Operations Support Center 

HPEG 

HOSC Payload Ethernet Gateway 

HRDL 

High Rate Data Link 

HTTPS 

Hypertext Transfer Protocol Secure 

ICD 

Interface Configuration Document 

ICMP 

Internet Control Message Protocol 

IP 

Internet Protocol 

1ST 

Integrated Support Team 

JSL 

Joint Station LAN 

LAN 

Local Area Network 

MDM 

Multiplexer/Demultiplexer 

MOD 

Mission Operations Directorate 

OSTPV 

Onboard Short Term Plan Viewer 

PEHG 

Payload Ethernet Hub Gateway 

PIA 

Payload Integration Agreement 

POD 

Payload Operations Director 

POH 

Payload Operations Handbook 

POIC 

Payload Operations & Integration Center 

POIF 

Payload Operations and Integration Function 

PRCU 

Payload Rack Checkout Unit 

PRO 

Payload Rack Officer 
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PSI 

PSRP 

RDP 

SE&I 

SSH 



Payload Software Integration 
Payload Safety Review Panel 
Remote Desktop Protocol 
Systems Engineering & Integration 
Secure Shell 


